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(54) PROTECTIVE METHOD OF CIPHERING FOR SUBSCRIPTION SATELLITE TELEVISION 

(57)Abstract: 

PURPOSE: To prevent nonsubscribed particles and 
subscribed parties delinquent in paying charges from 
receiving satellite television by using a ciphering 
technology by which video signals are transmitted to 
each subscribed party in different ciphered forms. 
CONSTITUTION: A ciphered key ciphered by means of 
the ciphering device 16 of a programming device 10 is 
transmitted to a subscriber. The random number 
generator 20 of a transmitter periodically generates a 
new random number. A program signal from a supply 
source 22 is supplied to a signal processor 25 which 
ciphers the signal by using a divided PN sequence from 
an PN sequence generator. Ciphered signals are 
supplied to a transmission requiring transmitter 26 and 
a random number ciphered by means of a ciphering 
device 28 is also supplied to the transmitter 26 and 

transmitted together with the ciphered signals. The ^--^ ^ W ^ 
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decoder 32 of an image receiver 36 decodes the ciphered key. A receiver 36 separates the 
ciphered signals and supplies the signals to a decoder 34 which decodes the signals by using the 
key received from the decoder 32. The decoded signals are supplied to the television set 42 of 
the subscriber. 
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[57] ABSTRACT 

In a secure communications system, a key number 
which is changed periodically, e.g. monthly, and a ran- 
dom number from a random number generator are com- 
bined and used as a seed to reset a PN sequence genera- 
tor, with the output of the generator being used to con- 
trol encryption of transmission data in a signal proces- 
sor. The key is also provided to a first encipherer to 
encipher the random number for transmission with the 
encrypted data. At the receiver, the key is provided on 
common to a decipherer for deciphering the random 
number and a PN sequence generator which is periodi- 
cally reset by the combination of the key and random 
number in the same manner as in the transmitter. The 
PN sequence is then used to decrypt the information. 
User identification codes are stored in the transmitter 
and are used to encipher the key, with each employing 
its ID code to decipher the key. The user ID codes are 
known only to the system operator, so that not even a 
particular user can know the key. 

19 Claims, 1 Drawing Figure 
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SECURITY SYSTEM FOR SSTV ENCRYPTION 

BACKGROUND OF THE INVENTION 

The present invention is related to the confidentiahty ^ 
of television signal transmissions, and more particularly 
to the protection of TV signal transmissions from unau- 
thorized reception. The environment in which the pres- 
ent invention may be widely applicable, and in the con- 
text of which the invention will be described herein, is 
that of subscriber television and TV program distribu-^ 
tion. 

Subscriber television systems are becoming increas- 
ingly widespread wherein TV signals are sent out via a 
cable network or over the air and are intended for re- 
ception and viewing by only those subscribers who 
have paid a monthly fee. With the increase in subscriber 
television systems has also come an increase in the num- 
ber of people attempting to receive and display the 
premium television programs without payment. Thus, 
there is a need for more sophisticated security tech- 
niques for preventing such unauthorized reception. 

Many existing subscriber television systems utilize, 
directly or indirectly, signals transmitted via satellite, 
and it is becoming quite common for non-paying indi- 25 
viduals to receive and display the premium television 
programs via television receive only (TVRO) antennas, 
thus resulting in a substantial loss of revenue for the 
distributors of the subscription television programs. In 
addition, various direct satellite broadcast television 30 
systems are currently being proposed wherein subscrip- 
tion television programs will be broadcast directly via 
satellite to individual subscriber homes. These subscrip- 
tion satellite television (SSTV) systems will be quite 
vulnerable to unauthorized reception, and an effective 35 
security technique is therefore highly desirable. 

The purpose of a security subsystem for an SSTV 
system is to protect the distributor's business interest 
and, accordingly, the following objectives should be 
achieved: 40 

(1) To prevent a non-subscriber from receiving intel- 
ligible video and audio signals by using a regular 
home television set; 

(2) To prevent a delinquent subscriber from receiving 
intelligible video and audio signals by using the 45 
SSTV decoder; 

(3) To prevent a legitimate subscriber from receiving 
intelligible video and audio signals of unsubscribed 
SSTV channels or programs; 

(4) To discourage an average technician from build- 50 
ing his own receiver capable of obtaining accept- 
able quality video and audio signals; 

(5) To discourage a small unauthorized business con- 
cern from manufacturing and marketing devices 
which are capable of receiving and displaying ac- 55 
ceptable quality video and audio signals from the 
SSTV channels; and 

(6) To allow a legitimate subscriber to receive and 
display high quality video and audio signals from 
the subscribed channels or programs. 60 

It would also be highly desirable to achieve the above 
objectives at a reasonable cost. 

A number of security systems for CATV exist, most 
of which involve the suppression or removal of the 
horizontal sync pulses from the video signal before 65 
transmission, and the recovery of the sync pulses at the 
receive end. These techniques will prevent people with- 
out the sync recovery circuits from receiving and dis- 



playing the programs and may therefore achieve objec- 
tives (1) and (6) above, but those security systems do not 
achieve objectives (2) and (3) and, since sync recovery 
circuits are relatively easily designed and manufactured, 
also do not satisfy objectives (4) and (5). 

More sophisticated techniques may include addi- 
tional intelligence in the subscriber's decoder box, in- 
cluding the capability of receiving commands from a 
control center which are specifically addressed to an 
individual subscriber and are used to turn on or off some 
or all of the channels. These more sophisticated security 
techniques may succeed in achieving objectives (l)-(3) 
and (6), but still do not satisfy objectives (4) and (5). For 
example, most of these techniques involve the checking 
of a password, and a particular channel is turned on 
only if the password is matched. This could be rela- 
tively easily by-passed by modifying the subscriber's 
decoder box or building a separate box with all of the 
necessary features except the on/off switch. Further, 
subscribers may also be able to tamper with the decoder 
box to receive more programs than are actually paid 
for. 

SUMMARY OF THE INVENTION 

It is an object of the present invention to provide a 
security subsystem for a subscription television system 
wherein all of the above-mentioned objectives (l)-(6) 
are achieved. 

It is a further object of this invention to provide such 
a security subsystem of minimal cost and complexity. 

These and other objects are achieved according to 
the present invention by using a cryptographic tech- 
nique for scrambling and descrambling of the video 
signals. The scrambling and descrambling techniques 
utilize a "key" which is changed on a regular basis and 
is sent only to paid subscribers, and even this "key" is 
sent in a different encrypted form to each subscriber so 
that delinquent subscribers cannot learn the current key 
from others. 

A record is kept of unique user ID codes correspond- 
ing to each subscriber, and in a transmitter according to 
the preferred embodiment of this invention, the key is 
ciphered with each subscriber's unique ID code prior to 
sending the key to that subscriber. A random number 
generator in the transmitter generates a new random 
number at regular intervals, for example, every second, 
and this number is combined with the key, and the 
combined number is then used as a seed to reset a PN 
sequence generator every second. This PN sequence 
generator will thus generate a PN sequence with a ran- 
dom seed in one-second segments, and the segmented 
PN sequence is supplied to a signal processor where it is 
used to scramble the audio and video program signals. 
The random number generator is also ciphered with the 
key and the enciphered random number is continually 
transmitted with the scrambled video signal. 

At the receiver, the enciphered key, which has been 
sent either via satellite or mail, is deciphered in the 
receiver utilizing the particular subscriber's unique ID 
code, which ID code is internal to the receiver and is 
unknown to the subscriber. The deciphered key is then 
in turn used to decipher the enciphered random number 
received with the scrambled program signal. The deci- 
phered key and random number are then combined as in 
the transmitter, and the combined signal is used to con- 
tinually reset a PN sequence generator identical to that 
in the transmitter so that a segmented PN sequence will 
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be generated in the receiver which is identical to that 
generated in the transmitter, and this segmented PN 
sequence can then be used to descramble the received 
signal. The descrambled signal will then be supplied to 
the subscriber television set. 5 

BRIEF DESCRIPTION OF THE DRAWING 

The invention will be more clearly understood with 
reference to the following description in conjunction 
with the accompanying drawing wherein the single 10 
FIGURE is a block diagram of the essential compo- 
nents of the SSTV security system according to the 
present invention. 



DETAILED DESCRIPTION OF THE 
PREFERRED EMBODIMENT 
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The drawing illustrates a functional block diagram of 
the SSTV security system according to this invention. 
The SSTV transmitter will typically include or have 
access to a billing system computer 10 which will store 20 
subscriber information including a list of paid subscrib- 
ers and their corresponding unique user ID codes. This 
information may typically be stored in a user data base 
12 within the computer. Also within the computer will 
be a register 14 or the like containing a key which will 25 
be changed on a regular basis, e.g. monthly. In prepara- 
tion for sending this "key of the month" to each current 
subscriber, the key is enciphered in an encipherer 16 
with the user ID code unique to that particular current 
subscriber, and the enciphered key is then sent to the 30 
subscriber. 

The transmitter includes a pseudo-random number 
(PN) sequence generator 18 and a random number gen- 
erator 20. The random number generator 20 periodi- 
cally generates a new random number, e.g. once every 35 
second, and the outputs of the random number genera- 
tor 20 and key register 14 are combined and loaded into 
the PN sequence generator 18 to periodically reset or 
**seed" the PN sequence generator 18 in a manner well 
known in the art. Each seeding of the sequence genera- 40 
tor 18 will begin a new segment of the PN sequence. 
The program signal from source 22 is supplied to a 
signal processor 24 where it is encrypted with the seg- 
mented PN sequence from generator 18. The encryp- 
tion technique used may be any one of a variety of well 45 
known techniques and need not be discussed in detail 
herein. The encrypted, or scrambled, signal is then 
provided to a transmitter 26 for transmission over link 
100 to the various subscriber receivers. 

The random number from generator 20 is enciphered 50 
with the key of the month in an encipherer 28, and the 
enciphered random number is transmitted with the 
scrambled video signal over the link 100. 

At the receiver, a register 30 or the like internal to the 
subscriber TV receiver contains a subscriber-specific 55 
secret user ID code which is set prior to installation and 
is stored in the user data base 12 of the billing computer 
at the transmitter. Thus, when the subscriber receiver 
receives the enciphered key or when the user receives 
the enciphered key by mail and enters the enciphered 60 
key into the receiver, a decipherer 32 in the receiver 
deciphers the enciphered key with the secret user ID 
code specific to that particular subscriber, and the deci- 
phered key is provided to a decipherer 34. A receiver 36 
separates the scrambled signal from the enciphered 65 
random number received over link 100 and provides the 
enciphered random number to the decipherer 34 where 
it is deciphered with the key received from the deci- 



pherer 32. The deciphered random number and key are 
then combined and loaded into the PN sequence gener- 
ator 38 to reset or "seed" the sequence generator in the 
same manner as in the transmitter, to thereby result in 
the same segmented PN sequence as was used for 
scrambling in the SSTV transmitter signal processor 24. 
This segmented PN sequence is then provided to signal 
processor 40 where it is used to descramble the received 
program signal. The descrambled signal is then pro- 
vided to the subscriber television set 42. 

The above-described security system provides a 
novel technique for generating and synchronizing a 
segmented pseudo-random number (PN) sequence, and 
a secure key distribution method. The segmented PN 
sequence generated is used to control the video and 
audio signal processors that scramble and descramble 
the program signals. Since a different segmented PN 
sequence will be generated by each distinct key, the 
scrambling sequence is different for each key, and by 
periodically changing the key the scrambling and de- 
scrambling sequences will change. Thus, it is not possi- 
ble for anyone without exact knowledge of the current 
key to descramble the received program signal with or 
without a descrambling device. 

For each given duration of time, a particular channel 
is scrambled by a PN sequence that is generated by a 
randomly selected number and the key of the month. To 
prevent subscribers of different channels from exchang- 
ing the keys among themselves, it is essential that the 
key for a given channel distributed to each subscriber 
look different, and this accomplished by enciphering 
the key with each subscriber's unique user ID code. In 
this way, although a single key is provided by the regis- 
ter 14 at any one time, a different key is required by 
each subscriber. It is only when the subscriber-specific 
key is entered into the receiver that the true key of the 
month contained in register 14 can be provided to the 
decipherer 34 and sequence generator 38, and the deci- 
phering of this true key of the month in the decipherer 
32 is performed internally of the subscriber receiver and 
without the subscriber's knowledge. 

An important feature of any security system is that a 
legitimate subscriber must be capable of obtaining syn- 
chronization within a short period of time. In the system 
according to the present invention, the PN sequence 
used for scrambling and descrambling the signal in sig- 
nal processors 24 and 40, respectively, is separated into 
short segments each of which is seeded by the combina- 
tion of the key of the month and a random number 
which changes, for example, once every second. Thus, 
assuming that a legitimate subscriber does have his ap- 
propriate key, the time required to acquire synchroniza- 
tion will be substantially equal to the duration of each 
random number so that synchronization can be acquired 
rapidly in case of loss of sync due to power outages, 
rainstorms, changing of channels, etc. 

The individual components in the security system 
according to the present invention are known in the art 
and need not be described in detail herein since the 
internal details of these components do not constitute a 
part of the present invention. The encipherers used to 
encipher the key of the month and the random number 
can be two different encipherers, but for the sake of 
hardware simplicity at the receive side, and consequent 
cost savings in mass production of the subscriber receiv- 
ers, it is preferable that the same encipherers be used. 
The encipherer may employ any enciphering method as 
long as it has a sufficiently high level of security. 



4,484,027 



The PN sequence generator can be any general PN 
sequence generator as long as it also has sufficient secu- 
rity strength, e.g. a properly selected non-linear feed- 
back shift register may suffice. 

The random number generator in the transmitter may 5 
be a well known thermal noise generator which gener- 
ates "true" random numbers, or it may be a pseudo-ran- 
dom number generator similar to the sequence genera- 
tor 18, implemented in a well known manner with digi- 
tal electronics or computer software. Similarly, the 10 
technique for combining the key of the month and the 
random number generator to produce the "seed" for the 
PN sequence generators 18 and 38 is not critical, with 
the simplest technique being a bit-by-bit modulo-2 addi- 
tion of the two numbers. 15 

In general, each of the functional blocks in the draw- 
ing can be implemented with existing techniques, with 
system complexity and cost and security strength de- 
pending on the particular implementation of each of the 
functional blocks. 20 

The transformation of the simple cipherer is specified 
by a variable which is different for each channel or 
special program, and is changed every month. 

The user ID code 30 within each subscriber set may 
be a set of binary switches or a bit pattern programmed 25 
into a read-only memory in a sealed box to prevent the 
subscriber from seeing or changing the number. 

The use of a simple cipherer in addition to the non- 
linear feedback shift-register may seem to increase the 
system complexity unnecesarily. However, since only a 30 
small amount of data, namely the "seed", need be han- 
dled each time, and since the statistical properties of the 
cipherer do not impact to the output of the PN sequence 
generator, the cipherer can be very simple. One possible 
approach, for example, is a ROM table of random bits 35 
with or without cipher feedback. The use of this simple 
cipherer greatly simplifies the problem of cryptosyn- 
chronization and key distribution, and therefore reduces 
the overall system complexity. 

Suitable alternatives for the scrambling of the pro- 40 
gram signals include conventional scrambling tech- 
niques such as on-off switching, randomly inverting 
lines, fields or frames, and delaying horizontal lines or 
fields by certain randomly fixed steps. In any case, the 
technique used will require the generation of a PN 45 
sequence which must be synchronized at both the trans- 
mit and receive sides. 
What is claimed is: 

1. In a communications system including a transmitter 
and a receiver, said transmitter including a program 50 
source for providing a program signal representing 
program information, a transmit signal processor for 
encrypting said program signal in accordance with a 
transmit control signal and transmit means for transmit- 
ting said encrypted signal, said receiver including re- 55 
ceive means for receiving said encrypted signal, a re- 
ceiver signal processor for decrypting said encrypted 
signal in accordance with a receive control signal and 
means for receiving said decrypted signal and providing 
said program information, the improvement compris- 60 
ing: 

first generator means at said transmitter for generat- 
ing a first sequence of signals representing a first 
sequence of numbers; 

key number means at said transmitter for providing a 65 
key number signal representing a key number; 

second generator means at said transmitter for gener- 
ating a second sequence of signals representing a 



second sequence of numbers, said second generator 
means being periodically reset by a reset signal 
comprising the output of said first generator means 
to thereby generate a plurality of sequence seg- 
ments each beginning with a reset signal, the out- 
put of said second generator means comprising said 
transmit control signal; 

means at said transmitter for enciphering s'aid first 
sequence of signals with said key number signal 
and for providing said enciphered first signal se- 
quence to said transmit means for transmission with 
said encrypted program signal; 

means at said receiver for providing said key number 
signal; 

receive deciphering means at said receiver for receiv- 
ing said enciphered first signal sequence and said 
key number, deciphering said first signal sequence 
in accordance with said key number and providing 
said deciphered first signal sequence as an output; 
and 

receive generating means for generating a sequence 
of signals representing said first sequence of num- 
bers, said receive generating means being periodi- 
cally reset by a reset signal comprising the output 
of said receive deciphering means to thereby gen- 
erate said plurality of sequence segments, said plu- 
rality of sequence segments being provided by said 
receive generating means to said receive signal 
processor as said receive control signal. 

2. A communications system as defined in claim 1, 
further comprising: 

means for providing an identification number signal 
uniquely identifying said receiver; 

means for enciphering said key number signal with 
said identification signal; 

means at said receiver for providing said identifica- 
tion number signal; and 

means at said receiver for receiving said identification 
number signal and said enciphered key number 
signal and for deciphering said key number signal, 
said deciphered key number signal being provided 
to said receive deciphering means. 

3. A communications system as defined in either one 
of claims 1 or 2, wherein each of said reset signals pro- 
vided to said second generator means comprises a com- 
bination of said key number signal and a signal of said 
first signal sequence, and wherein each of said reset 
signals provided to said receive generator means com- 
prises a combination of said key number signal and a 
signal of said deciphered first signal sequence. 

4. A communications systems as defined in claim 3, 
wherein said key number signal is changed at predeter- 
mined time intervals. 

5. A communications system as defined in claim 4, 
wherein said second generator means is a non -linear 
pseudorandom sequence generator. 

6. A communications system as defined in claim 3, 
wherein a plurality of receivers receive the encrypted 
signal transmitted by said transmitter, each of said re- 
ceivers having a corresponding unique identification 
number and said enciphered key number received at 
each receiver being enciphered with the user identifica- 
tion number unique to said each receiver. 

7. The communications system as defined in claim 6, 
wherein said first signal sequence represents a substan- 
tially random number sequence. 

8. In a method of providing security in a signal trans- 
mission system, said method including the steps of en- 
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crypting in accordance with an encryption control sig- 
nal a program signal representing information, transmit- 
ting said encrypted signal, receiving said encrypted 
signal, decrypting said received encrypted signal in 
accordance v^ith a decryption control signal and pro- 5 
viding said information represented by said decrypted 
signal, the improvement comprising: 

generating a key number signal representing a key 
number; 

generating a first signal sequence representing a first ^0 
sequence of numbers; 

generating a second signal sequence representing a 
second sequence of numbers, said second signal 
sequence being periodically reset by a reset signal 
comprising a signal of said first signal sequence to 
thereby generate a plurality of second sequence 
segments; 

providing said second sequence segments to said 
transmit signal processor as said encryption control 
signal; 

enciphering said first signal sequence with said key 
number and providing said enciphered first se- 
quence to said transmitter for transmission with 
said encrypted signal; 

decrypting said enciphered first sequence at said re- 
ceiver in accordance with said key number signal; 

generating said second sequence segments at said 
receiver by resetting a receive number signal gen- 
erator with a reset signal comprising said deci- 
phered first signal sequence; and 

providing said second sequence segments to said re- 
ceive signal processor as said decryption control 
signal. 

9. A method as defined in claim 8, further comprising: 35 
enciphering said key number signal at said transmitter 

with a user identification number signal uniquely 

identifying said receiver; 
transmitting said enciphered key number signal to 

said receiver; 4q 
deciphering said enciphered key number signal at said 

receiver in accordance with said user identification 

number signal uniquely identifying said receiver; 

and 

providing said deciphered key number signal to said 45 
deciphering means. 

10. The method as defined in claim 9, further com- 
prising the steps of: 

combining said key number signal and a signal in said 

first sequence to obtain said reset signal in said 50 

transmitter; and 
combining said key number signal and a signal in said 

deciphered first sequence in order to obtain said 

reset signal in said receiver. 

11. The method as defined in any one of claims 8-10, 55 
further comprising the step of periodically changing 
said key number signal. 

12. The method as defined in claim 11, wherein said 
second generator means in said transmitter and said 
generator means in said receiver each generate non-lin- 60 
ear pseudo-random signal sequences. 

13. The method as defined in claim 12, wherein said 
first signal sequence represents a substantially random 
number sequence. 

14. A communications system including a transmitter 65 
and a receiver, said system comprising: 

a program source at said transmitter for providing a 
program signal representing program information; 
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first generator means at said transmitter for generat- 
ing a first sequence of signals representing a first 
sequence of numbers; 

key number means at said transmitter for providing a 
key number signal representing a key number; 

transmit signal processing means at said transmitter 
responsive to at least said first sequence of signals 
for encrypting said program signal; 

enciphering means at said transmitter for enciphering 
said first sequence of signals with said key number 
signal to provide an enciphered first signal se- 
quence; 

transmit means at said transmitter for transmitting 
said encrypted program signal and said enciphered 
first signal sequence; 

means at said receiver for providing said key number 
signal; 

receive deciphering means at said receiver for receiv- 
ing said enciphered first signal sequence and said 
key number, deciphering said first signal sequence 
in accordance with said key number and providing 
said deciphered first signal sequence as an output; 
and 

receive generating means at said receiver responsive 
to at least said output of said receive deciphering 
means for receiving and decrypting said encrypted 
program signal to obtain said program signal. 

15. A communications system as defined in claim 14, 
wherein said transmit signal processing means includes 
encryption means for encrypting said program signal in 
accordance with an encryption control signal, and sec- 
ond generator means at said transmitter for generating a 
second sequence of signals representing a second se- 
quence of numbers, said second generator means being 
periodically reset by a reset signal comprising at least 
the output of said first generator means to thereby gen- 
erate a plurality of sequence segments each beginning 
with a reset signal, the output of said second generator 
means comprising said encryption control signal. 

16. A communications system as defined in claim 15, 
wherein said reset signal comprises a combination of 
said key number signal and the output of said first gen- 
erator means. 

17. A method of providing security in a signal trans- 
mission system between a transmitter and a receiver, 
said method comprising the steps of: 

providing a program signal representing information; 
generating a first sequence of signals representing a 

first sequence of numbers; 
providing a key number signal representing a key 

number; 

encrypting said program signal in accordance with at 

least said first sequence of signals; 
enciphering said first sequence of signals with said 

key number signal to provide an enciphered first 

signal sequence; 
transmitting said encrypted program signal and said 

enciphered first signal sequence to said receiver; 
providing said key number signal at said receiver; 
deciphering said first signal sequence at said receiver 

in accordance with said key number to obtain a 

deciphered first signal sequence; and 
decrypting said encrypted program signal at said 

receiver in accordance with at least deciphered 

first signal sequence to obtain said program signal. 

18. A method as defined in claim 17, wherein said step 
of encrypting said program signal in accordance with at 
least said first sequence of signals comprises the steps 
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generating a second sequence of signals representing a 
second sequence of numbers, said second sequence of 
signals comprising a plurality of sequence segments 
each beginning with a reset signal, said reset signal 
comprising at least said first signal sequence, said en- 



crypting said program signal in accordance with said 
second sequence of signals. 

19. A method as defined in claim 18, wherein said 
reset signal comprises a combination of said key number 
signal and said first sequence of signals. 
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